FAA Secures Server That Allowed E-Mail Forgery.

by Majik on November 9th, 2001

The Federal Aviation Administration has secured an e-mail server that allowed unauthorized users to send out messages that appeared to originate from the government's aviation safety watchdog.

The FAA server, located at Internet protocol address 204.108.10.130, had been improperly secured since at least late May, according to records maintained by Mail Abuse Prevention Systems (MAPS), an organization that attempts to combat junk e-mailers.

System administrators for the FAA apparently tightened security on the server after its address was posted Monday to RISKS, an Internet mailing list. Attempts to connect to the server's e-mail port today were rejected.

FAA officials did not immediately respond to interview requests.

According to MAPS, the FAA server was added to its Relay Spam Stopper (RSS) blacklist of open e-mail relays on May 23, after the machine was used by a junk e-mailer to send out a mass-mailing that advertised a work-at-home business opportunity.

The subject line of the relayed message, the headers of which indicate it traveled through the FAA's server, read "Work at Home & Make Great Money!"

To avoid detection, junk e-mailers or "spammers" often use insecure third-party mail servers for sending their unsolicited mass mailings. But the open FAA server could also have been used by malicious parties to forge e-mails that appeared to be from FAA officials.

As a demonstration, an Internet user sent a message to a mailing list Tuesday through the open FAA server. The headers of the message showed an FAA.gov return address as well as a message identification label from the agency's server.

The FAA's Web site, at http://www.faa.gov, was not affected by the security lapse. That system, like the e-mail server and seven other Internet-connected FAA machines, is running Microsoft's Windows NT operating system, according to the Netcraft Web server survey.

As a result of the blacklisting, subscribers to the MAPS RSS list, which include several Internet service providers, may have been unable to receive legitimate e-mails from the FAA since late May, according to Anne Mitchell, director of legal and public affairs for MAPS.

To get off the list, the FAA would need to contact MAPS and notify the anti-spam organization that it has closed the open relay, she said.